Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- after_effects
Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
2021-06-28
9.3
CVE-2021-28570
MISC

adobe -- after_effects
After Effects version 18.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2021-06-28
9.3
CVE-2021-28586
MISC

adobe -- robohelp_server
Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
9
CVE-2021-28588
MISC

chamilo -- chamilo
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
2021-09-28
CVE-2021-34187
MISC
MISC

cnesty -- helpcom
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.
CVE-2020-7871
MISC

eclipse -- birt
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
CVE-2021-34427
CONFIRM

fatek -- winproladder
FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.
2021-06-29
CVE-2021-32992
MISC

fatek -- winproladder
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
2021-06-29
CVE-2021-32988
MISC

fatek -- winproladder
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
2021-06-29
715
CVE-2021-32990
MISC

fidelissecurity -- deception
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
2021-06-25
9
CVE-2021-35047
CONFIRM

fidelissecurity -- deception
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
2021-06-25
25
CVE-2021-35048
CONFIRM

helpu -- helpu
A remote code execution vulnerability exists in helpUS (remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.
2021-06-29
10
CVE-2020-7868
MISC

huawei -- anyoffice
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and control the device.
2021-06-29
9.3
CVE-2021-22439
MISC

inkdrop -- inkdrop
Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
2021-06-28
9.3
MISC
MISC

An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority.
2
CVE-2020-7869
MISC

mcafee -- mvision_edr
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
9
CVE-2021-31838
CONFIRM

miniaudio_project -- miniaudio
Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.
2021-06-26
75
CVE-2021-34184
CONFIRM

misp -- misp
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
2021-06-25
78
CVE-2021-35502
MISC

narou_project -- narou
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
2021-06-28
75
CVE-2021-35514
MISC
MISC

naviwebs -- navigate_cms
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
CVE-2020-23711
MISC

online_pet_shop_web_application_project -- online_pet_shop_web_application
Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload
75
MISC

pandorafms -- pandora_fms
PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
2021-06-25
CVE-2021-34074
MISC

phoenixcontact -- axl_f_bk_pn_tps_xc_firmware
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
2021-06-25
12
CONFIRM

phoenixcontact -- fl_switch_smcs_16tx_firmware
In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.
2021-06-25
78
CVE-2021-21005
CONFIRM

phoenixcontact -- ilc1x0_firmware
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.
18
CVE-2021-33541
CONFIRM

securepoint -- openvpn-client
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file that is executed as privileged user.
MISC

tenable -- nessus


Nessus versions 8.13.2 and earlier were found to contain a 
privilege escalation vulnerability which could allow a Nessus 
administrator user to upload a specially crafted file that could lead 
to gaining administrator privileges on the Nessus host.


2021-06-29 


CVE-2021-20079 
MISC 








weidmueller -- ie-wl-bl-ap-cl-eu_firmware


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable use of hard-coded credentials vulnerability exists in 
multiple iw_* utilities. The device operating system contains an 
undocumented encryption password, allowing for the creation of 
custom diagnostic scripts. An attacker can send diagnostic scripts 
while authenticated as a low privilege user to trigger this 
vulnerability.


2021-06-25 


CVE-2021-33531 
CONFIRM 








weidmueller -- ie-wl-bl-ap-cl-eu_firmware


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable privilege escalation vulnerability exists in the 
iw_console functionality. A specially crafted menu selection string 
can cause an escape from the restricted console, resulting in 
system access as the root user. An attacker can send commands 
while authenticated as a low privilege user to trigger this 
vulnerability.


2021-06-25 


CVE-2021-33528 
CONFIRM 








weidmueller -- ie-wl-bl-ap-cl-eu_firmware


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable command injection vulnerability exists in encrypted 
diagnostic script functionality of the devices. A specially crafted 
diagnostic script file can cause arbitrary busybox commands to be 
executed, resulting in remote control over the device. An attacker 
can send diagnostic while authenticated as a low privilege user to 
trigger this vulnerability. 


2021-06-25 


CVE-2021-33530 
CONFIRM 








weidmueller -- ie-wl-bl-ap-cl-eu_firmware


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable command injection vulnerability exists in the hostname 
functionality. A specially crafted entry to network configuration 
information can cause execution of arbitrary system commands, 
resulting in full control of the device. An attacker can send various 
requests while authenticated as a high privilege user to trigger this 
vulnerability. 


2021-06-25 


CVE-2021-33534 
CONFIRM 








weidmueller -- ie-wl-bl-ap-cl-eu_firmware


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable command injection vulnerability exists in the iw_webs 
functionality. A specially crafted diagnostic script file name can 
cause user input to be reflected in a subsequent iw_system call, 
resulting in remote control over the device. An attacker can send 
commands while authenticated as a low privilege user to trigger 
this vulnerability. 


2021-06-25 


CVE-2021-33532
CONFIRM 








weidmueller -- ie-wl-bl-ap-cl-eu_firmware


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable command injection vulnerability exists in the iw_webs 
functionality. A specially crafted iw_serverip parameter can cause 
user input to be reflected in a subsequent iw_system call, resulting 
in remote control over the device. An attacker can send 
commands while authenticated as a low privilege user to trigger 
this vulnerability. 


2021-06-25 


CVE-2021-33533 
CONFIRM 








weidmueller -- ie-wl-bl-ap-cl-eu_firmware


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable improper access control vulnerability exists in the 
iw_webs account settings functionality. A specially crafted user 
name entry can cause the overwrite of an existing user account 
password, resulting in remote shell access to the device as that 
user. An attacker can send commands while authenticated as a 
low privilege user to trigger this vulnerability. 


2021-06-25 


CVE-2021-33538 
CONFIRM 








wincred_project -- wincred 


This affects all versions of package wincred. If attacker-controlled 
user input is given to the getCredential function, it is possible for
an attacker to execute arbitrary commands. This is due to use of
the child_process exec function without input sanitization. 


2021-06-28 


CVE-2021-23399 
MISC 
MISC 








zohocorp -- manageengine_adselfservice_plus


Zoho ManageEngine ADSelfService Plus through 6101 is 
vulnerable to unauthenticated Remote Code Execution while 
changing the password. 


2021-06-25 


CVE-2021-28958 
MISC 
MISC 








zohocorp -- manageengine_servicedesk_plus_m











Zoho ManageEngine ServiceDesk Plus MSP before 10521 is 
vulnerable to Server-Side Request Forgery (SSRF).











2021-06-29 











CVE-2021-31531 
CONFIRM 
MISC 
adobe -- after_effects


After Effects versions 18.0 (and earlier) are affected by an out-of- 
bounds read vulnerability that could lead to disclosure of sensitive 
memory. An attacker could leverage this vulnerability to bypass 
mitigations such as ASLR. Exploitation of this issue requires user 
interaction in that a victim must open a malicious file. 


2021-06-28 


CVE-2021-28587 
MISC 








adobe -- animate 


Adobe Animate version 21.0.5 (and earlier) is affected by an Out- 
of-bounds Read vulnerability when parsing a specially crafted file. 
An unauthenticated attacker could leverage this vulnerability to 
disclose sensitive information in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 


2021-06-28 


CVE-2021-28573 
MISC 








adobe -- connect 


Adobe Connect version 11.2.1 (and earlier) is affected by an 
Improper access control vulnerability that can lead to the elevation 
of privileges. An attacker with 'Learner' permissions can leverage 
this scenario to access the list of event participants. 


2021-06-28 


CVE-2021-28579 
MISC 








adobe -- experience_manager 


AEM's Cloud Service offering, as well as versions 6.5.7.0 (and 
below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected 
by an Improper Access Control vulnerability. An unauthenticated 
attacker could leverage this vulnerability to cause an application 
denial-of-service in the context of the current user. 


2021-06-28 


CVE-2021-21083 
MISC 








adobe -- experience_manager 


AEM's Cloud Service offering, as well as versions 6.5.7.0 (and 
below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected 
by a stored Cross-Site Scripting (XSS) vulnerability that could be 
abused by an attacker to inject malicious scripts into vulnerable 
form fields. Malicious JavaScript may be executed in a victim’s 
browser when they browse to the page containing the vulnerable 
field. 


2021-06-28 


CVE-2021-21084 
MISC 








apache -- traffic_server 


Improper Input Validation vulnerability in HTTP/2 of Apache Traffic 
Server allows an attacker to DOS the server. This issue affects 
Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. 


2021-06-30 


CVE-2021-32567 
MISC 








apache -- traffic_server 


Improper Input Validation vulnerability in HTTP/2 of Apache Traffic 
Server allows an attacker to DOS the server. This issue affects 
Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. 


2021-06-30 


CVE-2021-32566 
MISC 








auth0 -- nextjs-auth0


The Auth0 Next.js SDK is a library for implementing user
authentication in Next.js applications. Versions before and
including `1.4.1` are vulnerable to reflected XSS. An attacker can
execute arbitrary code by providing an XSS payload in the `error`
query parameter which is then processed by the callback handler
as an error message. You are affected by this vulnerability if you
are using `@auth0/nextjs-auth0` version `1.4.1` or lower
**unless** you are using custom error handling that does not
return the error message in an HTML response. Upgrade to
version `1.4.1` to resolve. The fix adds basic HTML escaping to
the error message and it should not impact your users.


2021-06-25 


CVE-2021-32702 
MISC 

CONFIRM 

MISC 








autodesk -- advance_steel 


A maliciously crafted DWG file can be forced to read beyond 
allocated boundaries when parsing the DWG file. This vulnerability 
can be exploited to execute arbitrary code. 


2021-06-25 


CVE-2021-27040 
MISC 








autodesk -- advance_steel 


A maliciously crafted DWG file can be used to write beyond the 
allocated buffer while parsing DWG files. This vulnerability can be 
exploited to execute arbitrary code. 


2021-06-25 


CVE-2021-27041 
MISC 








autodesk -- advance_steel 


A maliciously crafted DWG file can be used to write beyond the
allocated buffer while parsing DWG files. The vulnerability exists 
because the application fails to handle a crafted DWG file, which 
causes an unhandled exception. An attacker can leverage this 
vulnerability to execute arbitrary code. 


2021-06-25 


CVE-2021-27042 
MISC 








autodesk -- advance_steel 


An Arbitrary Address Write issue in the Autodesk DWG application 
can allow a malicious user to leverage the application to write in 
unexpected paths. In order to exploit this the attacker would need 
the victim to enable full page heap in the application. 


2021-06-25 


CVE-2021-27043 
MISC 








avaya -- aura_device_services 


An arbitrary code execution vulnerability was discovered in Avaya 
Aura Device Services that may potentially allow a local user to 
execute specially crafted scripts. Affects 7.0 through 8.1.4.0 
versions of Avaya Aura Device Services. 


2021-06-25 


CVE-2021-25654 
MISC 








cisco -- dna_center 








A vulnerability in the Cisco Identity Services Engine (ISE) 
integration feature of the Cisco DNA Center Software could allow 
an unauthenticated, remote attacker to gain unauthorized access 
to sensitive data. The vulnerability is due to an incomplete
validation of the X.509 certificate used when establishing a 
connection between DNA Center and an ISE server. An attacker 
could exploit this vulnerability by supplying a crafted certificate 
and could then intercept communications between the ISE and 
DNA Center. A successful exploit could allow the attacker to view 
and alter sensitive information that the ISE maintains about clients 
that are connected to the network. 











2021-06-29 








CVE-2021-1134 
CISCO 
the and cause the server to crash. IBM X-Force ID: 199249.

crmeb -- crmeb
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.
2021-06-29
6.5
CVE-2020-21394

dovecot -- dovecot
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
2021-06-28
4
CVE-2020-28200
MISC
CONFIRM

dovecot -- dovecot
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
2021-06-28
5.8
CVE-2021-33515
MISC
CONFIRM

enhancesoft -- osticket
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
4.3
CVE-2020-22608
CONFIRM

enhancesoft -- osticket
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
2021-06-28
4.3
CVE-2020-22609
CONFIRM

fidelissecurity -- deception
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.
2021-06-25
5
CVE-2021-35050
CONFIRM

fidelissecurity -- deception
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
6.5
CVE-2021-35049
CONFIRM

google -- bindiff
An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7
46
CVE-2021-22545
MISC

huawei -- ecns280_firmware
There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.
2021-06-29
5
CVE-2021-22338
MISC

huawei -- emui
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.
2021-06-30
6.4

huawei -- ips_module_firmware
There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; NIP6300 V500R005C00SPC100, V500R005C10SPC200; NIP6600 V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R005C00SPC100, V500R005C10SPC200; Secospace USG6600 V500R005C00SPC100, V500R005C00SPC200.
2021-06-29
4
CVE-2021-22341
MISC

ibm -- business_automation_workflow
IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.
2021-06-28
43
CVE-2021-29775
CONFIRM
CONFIRM
XF

ibm -- guardium_data_encryption
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.
2021-06-28
5
CVE-2021-20413
XF
CONFIRM

ibm -- planning_analytics
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.
2021-06-29
4.3
CVE-2021-20580
CONFIRM
XF

ibm -- security_identity_manager_adapter
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow
2021-06-28
4
XF

ibm -- security_identity_manager_adapter
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247.
2021-06-28
4
XF

ibm -- security_identity_manager_adapter
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticated user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.
2021-06-28
XF

ibm -- security_verify
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396.
2021-06-25
4
CONFIRM

ibm -- security_verify
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking
2021-06-25
58
CONFIRM

ibm -- security_verify_privilege_manager
IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919.
2021-06-25
4.6
CVE-2020-4610
XF
CONFIRM

ibm -- security_verify_privilege_manager
IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. IBM X-Force ID: 184917.
2021-06-25
4.6
CVE-2020-4609
XF
CONFIRM

imagemagick -- imagemagick
ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.
2021-06-25
5

infoblox -- nios
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.
2021-06-28
4
MISC

ipfire -- ipfire
Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPfire web UI in the mail.cgi.
2021-06-28
43
CVE-2020-21142

istio -- istio
Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Control.
2021-06-29
6.5
CVE-2021-34824
MISC
MISC

limesurvey -- limesurvey
Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
2021-06-28
4.3

machform -- machform
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.
2021-06-29
4.3
CVE-2021-20103
MISC

machform -- machform
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
5.8
CVE-2021-20105
MISC

machform -- machform
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.
2021-06-29
5.8
CVE-2021-20101
MISC

machform -- machform
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
8.8
CVE-2021-20102
MISC

machform -- machform
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
2021-06-29
6.8
CVE-2021-20104

magento -- magento
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
84
CVE-2021-28563
MISC

mermaid_project -- mermaid
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
2021-06-27
43
CVE-2021-35513
MISC
MISC
MISC

miniaudio_project -- miniaudio
Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h
2021-06-26
68
CVE-2021-34185
CONFIRM

miraheze -- globalnewfiles


GlobalNewFiles is a mediawiki extension. All existing versions of 
GlobalNewFiles are affected by an uncontrolled resource 
consumption vulnerability. A large amount of page moves within a 
short space of time could overwhelm Database servers due to 
improper handling of load balancing and a lack of an appropriate 
index. No patches are currently available. As a workaround, one 
may avoid use of the extension unless additional rate limit at the 
MediaWiki level or via PoolCounter / MySQL is enabled. 


2021-06-28 


CVE-2021-32722 
CONFIRM 
MISC 








nvidia -- geforce_experience 


NVIDIA GeForce Experience, all versions prior to 3.23, contains a 
vulnerability where, if a user clicks on a maliciously formatted link 
that opens the GeForce Experience login page in a new browser 
tab instead of the GeForce Experience application and enters their 
login information, the malicious site can get access to the token of 
the user login session. Such an attack may lead to these targeted 
users’ data being accessed, altered, or lost. 


2021-06-25 


CVE-2021-1073 
CONFIRM 








opentext -- brava\!_desktop 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop Build 
16.6.4.55. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of CGM files. The issue 
results from the lack of proper validation of user-supplied data, 
which can result in a write past the end of an allocated buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13679. 


2021-06-29 


CVE-2021-31514 
MISC 








opentext -- brava\!_desktop 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of CGM files. The issue
results from the lack of proper validation of the length of user- 
supplied data prior to copying it to a stack-based buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-12653. 


2021-06-29 


CVE-2021-31507 
MISC 








opentext -- brava\!_desktop 


This vulnerability allows remote attackers to disclose sensitive 
information on affected installations of OpenText Brava! Desktop 
Build 16.6.4.55. User interaction is required to exploit this 
vulnerability in that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the parsing of PDF 
files. The issue results from the lack of proper validation of user- 
supplied data, which can result in a read past the end of an 
allocated data structure. An attacker can leverage this in 
conjunction with other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN-13674. 


2021-06-29 


CVE-2021-31506 
MISC 








opentext -- brava\!_desktop 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of DXF files. The issue 
results from the lack of proper validation of user-supplied data, 
which can result in a write past the end of an allocated buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13306. 


2021-06-29 


CVE-2021-31508 
MISC 








opentext -- brava\!_desktop 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop Build 
16.6.4.55. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of BMP files. The issue 
results from the lack of proper validation of user-supplied data, 
which can result in a write past the end of an allocated buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13678. 


2021-06-29 


CVE-2021-31513 
MISC 








opentext -- brava\!_desktop 











This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop Build 
16.6.4.55. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of TIF files. The issue 
results from the lack of proper validation of user-supplied data, 
which can result in a read past the end of an allocated buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13677. 








2021-06-29 











CVE-2021-31512 
MISC 
opentext -- brava\!_desktop 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of DXF files. The issue 
results from the lack of proper validation of user-supplied data, 
which can result in a write past the end of an allocated buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13309. 


2021-06-29 


CVE-2021-31509 
MISC 








opentext -- brava\!_desktop 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop Build 
16.6.4.55. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of TIF files. The issue 
results from the lack of proper validation of user-supplied data, 
which can result in a read past the end of an allocated buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13675. 


2021-06-29 


CVE-2021-31510 
MISC 








opentext -- brava\!_desktop 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop Build 
16.6.4.55. User interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of PDF files. The issue 
results from the lack of proper validation of user-supplied data, 
which can result in a write past the end of an allocated buffer. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13676. 


2021-06-29 


CVE-2021-31511 
MISC 








oracle -- glassfish_server 


** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish 
Server 3.1.2.18 and below allows 
/common/logViewer/logViewer.jsf XSS. A malicious user can 
cause an administrator user to supply dangerous content to the 
vulnerable page, which is then reflected back to the user and 
executed by the web browser. The most common mechanism for 
delivering malicious content is to include it as a parameter in a 
URL that is posted publicly or e-mailed directly to victims. NOTE: 
This vulnerability only affects products that are no longer 
supported by the maintainer. 


2021-06-25 


CVE-2021-3314 
MISC 
MISC 








phoenixcontact -- config 


Phoenix Contact Classic Automation Worx Software Suite in 
Version 1.87 and below is affected by a remote code execution 
vulnerability. Manipulated PC Worx or Config+ projects could lead 
to a remote code execution when unallocated memory is freed 
because of incompletely initialized data. The attacker needs to get 
access to an original bus configuration file (*.bcp) to be able to 
manipulate data inside. After manipulation the attacker needs to 
exchange the original file by the manipulated one on the 
application programming workstation. Availability, integrity, or 
confidentiality of an application programming workstation might be 
compromised by attacks using these vulnerabilities. Automated 
systems in operation which were programmed with one of the 
above-mentioned products are not affected. 


2021-06-25 


CVE-2021-33542 
CONFIRM 








phoenixcontact -- 
fl_comserver_uni_232\/422\/485_firmware 


In Phoenix Contact FL COMSERVER UNI in versions < 2.40 an 
invalid Modbus exception response can lead to a temporary denial 
of Service. 


2021-06-25 


CVE-2021-21002 
CONFIRM 








phoenixcontact -- 
fl_switch_smcs_16tx_firmware 


In Phoenix Contact FL SWITCH SMCS series products in multiple 
versions fragmented TCP-Packets may cause a Denial of Service 
of Web-, SNMP- and ICMP-Echo services. The switching 
functionality of the device is not affected. 


2021-06-25 


CVE-2021-21003 
CONFIRM 








phoenixcontact -- 
fl_switch_smcs_16tx_firmware 


In Phoenix Contact FL SWITCH SMCS series products in multiple 
versions an attacker may insert malicious code via LLDP frames 
into the web-based management which could then be executed by 
the client. 


2021-06-25 


CVE-2021-21004 
CONFIRM 








postsrsd_project -- postsrsd 


PostSRSd before 1.11 allows a denial of service (subprocess 
hang) if Postfix sends certain long data fields such as multiple 
concatenated email addresses. NOTE: the PostSRSd maintainer 
acknowledges "theoretically, this error should never occur ... I'm 
not sure if there's a reliable way to trigger this condition by an 
external attacker, but it is a security bug in PostSRSd 
nevertheless." 


2021-06-28 


CVE-2021-35525 
MISC 
MISC 
MISC 








poweriso -- poweriso 





A memory corruption vulnerability exists in the DMG File Format 
Handler functionality of PowerISO 7.9. A specially crafted DMG 
file can lead to an out-of-bounds write. An attacker can provide a 
malicious file to trigger this vulnerability. The vendor fixed it in a 
bug-release of the current version. 














2021-06-29 








CVE-2021-21871 
MISC 
prismjs -- prism 


Prism is a syntax highlighting library. Some languages before 
1.24.0 are vulnerable to Regular Expression Denial of Service 
(ReDoS). When Prism is used to highlight untrusted (user-given) 
text, an attacker can craft a string that will take a very very long 
time to highlight. This problem has been fixed in Prism v1.24. As a 
workaround, do not use ASCIIDoc or ERB to highlight untrusted 
text. Other languages are not affected and can be used to 
highlight untrusted text. 


2021-06-28 


CVE-2021-32723 
CONFIRM 

MISC 

MISC 








python -- urllib3 


An issue was discovered in urllib3 before 1.26.5. When provided 
with a URL containing many @ characters in the authority 
component, the authority regular expression exhibits catastrophic 
backtracking, causing a denial of service if a URL were passed as 
a parameter or redirected to via an HTTP redirect. 


2021-06-29 


CVE-2021-33503 
CONFIRM 
CONFIRM 








shopex -- ecshop 


Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to 
security filtering issues, in the user.php file, we can use the html 
entity encoding to bypass the security policy of the safety.php file, 
triggering the xss vulnerability. 


2021-06-28 


CVE-2020-20640 
MISC 








siemens -- 
sinamics_sl150_firmware 


The Telnet service of the SIMATIC HMI Comfort Panels system 
component in affected products does not require authentication, 
which may allow a remote attacker to gain access to the device if 
the service is enabled. Telnet is disabled by default on the 
SINAMICS Medium Voltage Products (SINAMICS SL150: All 
versions, SINAMICS SM150: All versions, SINAMICS SM150i: All 
versions). 


2021-06-28 


CVE-2021-31337 
MISC 








sylius -- sylius 


Sylius is an Open Source eCommerce platform on top of Symfony. 
In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the 
details (order ID, order number, items total, and token value) of all 
placed orders were exposed to unauthorized users. If exploited 
properly, a few additional information like the number of items in 
the cart and the date of the shipping may be fetched as well. This 
data seems to not be crucial nor is personal data, however, could 
be used for sociotechnical attacks or may expose a few details 
about shop condition to the third parties. The data possible to 
aggregate are the number of processed orders or their value in 
the moment of time. The problem has been patched at Sylius 
1.9.5 and 1.10.0-RC.1. There are a few workarounds for the 
vulnerability. The first possible solution is to hide the problematic 
endpoints behind the firewall from not logged in users. This would 
put only the order list under the firewall and allow only authorized 
users to access it. Once a user is authorized, it will have access to 
their orders only. The second possible solution is to decorate the 
`\Sylius\Bundle\ApiBundle\Doctrine\QueryCollectionExtension\OrdersByLoggedInUserExtension` 
and throw 
`Symfony\Component\Security\Core\Exception\AccessDeniedException` 
if the class is executed for unauthorized user. 


2021-06-28 


CVE-2021-32720 
CONFIRM 
MISC 








tenable -- nessus 

Nessus Agent 8.2.4 and earlier for Windows were found to contain 
multiple local privilege escalation vulnerabilities which could allow 
an authenticated, local administrator to run specific Windows 
executables as the Nessus host. This is different than 
CVE-2021-20099. 

2021-06-28 

4.6 

CVE-2021-20100 
MISC 


tenable -- nessus 

Nessus Agent 8.2.4 and earlier for Windows were found to contain 
multiple local privilege escalation vulnerabilities which could allow 
an authenticated, local administrator to run specific Windows 
executables as the Nessus host. This is different than 
CVE-2021-20100. 

2021-06-28 

4.6 

CVE-2021-20099 
MISC 


umbraco -- umbraco_cms 

Umbraco CMS before 7.15.7 is vulnerable to Open Redirection 
due to insufficient url sanitization on booting.aspx. 

2021-06-28 

5.8 

CVE-2021-34254 
MISC 


unidocs -- ezpdf_editor 

A memory corruption vulnerability exists when ezPDF improperly 
handles the parameter. This vulnerability exists due to insufficient 
validation of the parameter. 

2021-06-29 

6.5 

CVE-2020-7870 
MISC 


vector35 -- binary_ninja 

This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of Vector 35 Binary Ninja 2.3.2660 
(Build ID 88f343c3). User interaction is required to exploit this 
vulnerability in that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the parsing of 
BNDB files. The issue results from the lack of validating the 
existence of an object prior to performing operations on the object. 
An attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13670. 

2021-06-29 

6.8 

CVE-2021-31516 
MISC 
MISC 


vector35 -- binary_ninja 

This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of Vector 35 Binary Ninja 2.3.2660 
(Build ID 88f343c3). User interaction is required to exploit this 
vulnerability in that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the parsing of 
BNDB files. The issue results from the lack of proper validation of 
user-supplied data, which can result in a read past the end of an 
allocated data structure. An attacker can leverage this vulnerability 
to execute code in the context of the current process. Was 
ZDI-CAN-13668. 

2021-06-29 

6.8 

MISC 


vmware -- spring_security 

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 
5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a 
Denial-of-Service (DoS) attack via the initiation of the 
Authorization Request in an OAuth 2.0 Client Web and WebFlux 
application. A malicious user or attacker can send multiple 
requests initiating the Authorization Request for the Authorization 
Code Grant, which has the potential of exhausting system 
resources using a single session or multiple sessions. 

2021-06-29 

5 

CVE-2021-22119 
MISC 


webport_cms_project -- webport_cms 

Directory Traversal vulnerability in Webport CMS 1.19.10.17121 
via the file parameter to file/download. 

2021-06-28 

5 

CVE-2020-23715 
MISC 


weidmueller -- ie-wl-bl-ap-cl-eu_firmware 

In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable denial-of-service vulnerability exists in ServiceAgent 
functionality. A specially crafted packet can cause an integer 
underflow, triggering a large memcpy that will access unmapped 
or out-of-bounds memory. An attacker can send this packet while 
unauthenticated to trigger this vulnerability. 

2021-06-25 

5 

CVE-2021-33536 
CONFIRM 


weidmueller -- ie-wl-bl-ap-cl-eu_firmware 

In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable format string vulnerability exists in the iw_console 
conio_writestr functionality. A specially crafted time server entry 
can cause an overflow of the time server buffer, resulting in 
remote code execution. An attacker can send commands while 
authenticated as a low privilege user to trigger this vulnerability. 

2021-06-25 

6.5 

CVE-2021-33535 
CONFIRM 


weidmueller -- ie-wl-bl-ap-cl-eu_firmware 

In Weidmueller Industrial WLAN devices in multiple versions the 
usage of hard-coded cryptographic keys within the service agent 
binary allows for the decryption of captured traffic across the 
network from or to the device. 

2021-06-25 

5 

CVE-2021-33529 
CONFIRM 


weidmueller -- ie-wl-bl-ap-cl-eu_firmware 

In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable authentication bypass vulnerability exists in the 
hostname processing. A specially configured device hostname 
can cause the device to interpret selected remote traffic as local 
traffic, resulting in a bypass of web authentication. An attacker can 
send authenticated SNMP requests to trigger this vulnerability. 

2021-06-25 

6.5 

CVE-2021-33539 
CONFIRM 


weidmueller -- ie-wl-bl-ap-cl-eu_firmware 

In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable remote code execution vulnerability exists in the 
iw_webs configuration parsing functionality. A specially crafted 
user name entry can cause an overflow of an error message 
buffer, resulting in remote code execution. An attacker can send 
commands while authenticated as a low privilege user to trigger 
this vulnerability. 

2021-06-25 

6.5 


zammad -- zammad 

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows 
remote attackers to execute arbitrary web script or HTML via 
multiple models that contain a 'note' field to store additional 
information. 

4.3 

CVE-2021-35298 
CONFIRM 


zammad -- zammad 

Text injection/Content Spoofing in 404 page in Zammad 1.0.x up 
to 4.0.0 could allow remote attackers to manipulate users into 
visiting the attackers’ page. 

2021-06-28 

4.3 

CVE-2021-35300 
CONFIRM 


zammad -- zammad 

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows 
remote attackers to execute arbitrary web script or HTML via the 
User Avatar attribute. 

2021-06-28 

4.3 

CVE-2021-35303 
CONFIRM 


zammad -- zammad 

Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 
4.0.0 allows remote attackers to obtain sensitive information. 

5 

CVE-2021-35302 
CONFIRM 


zammad -- zammad 

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows 
remote attackers to obtain sensitive information via the Ticket 
Article detail view. 

2021-06-28 

5 

CVE-2021-35301 
CONFIRM 


zammad -- zammad 

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows 
attackers to obtain sensitive information via email connection 
configuration probing. 

2021-06-28 

5 

CVE-2021-35299 
CONFIRM 


zohocorp -- manageengine_servicedesk_plus_msp 

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows 
an attacker to access internal data. 

2021-06-29 

5 

CONFIRM 
MISC 


zohocorp -- manageengine_servicedesk_plus_msp 

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is 
vulnerable to Information Disclosure. 

2021-06-29 

5 

CVE-2021-31530 
CONFIRM 








Vulnerability Summary for the Week of June 28, 2021 
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e6e1ab 


zrlog -- zrlog 

Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) 
userName and (2) email parameters in post/addComment. 

4.3 

CVE-2020-18066 
MISC 


Low Vulnerabilities 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info 


adobe -- photoshop_elements 

Adobe Photoshop Elements version 5.2 (and earlier) is affected by 
an insecure temporary file creation vulnerability. An 
unauthenticated attacker could leverage this vulnerability to call 
functions against the installer to perform high privileged actions. 
Exploitation of this issue does not require user interaction. 

2021-06-28 

CVE-2021-28597 
MISC 


adobe -- premiere_elements 

Adobe Premiere Elements version 5.2 (and earlier) is affected by 
an insecure temporary file creation vulnerability. An 
unauthenticated attacker could leverage this vulnerability to call 
functions against the installer to perform high privileged actions. 
Exploitation of this issue does not require user interaction. 

2021-06-28 

CVE-2021-28623 
MISC 


bluetooth -- bluetooth_core_specification 

Unencrypted Bluetooth Low Energy baseband links in Bluetooth 
Core Specifications 4.0 through 5.2 may permit an adjacent 
device to inject a crafted packet during the receive window of the 
listening device before the transmitting device initiates its packet 
transmission to achieve full MITM status without terminating the 
link. When applied against devices establishing or using encrypted 
links, crafted packets may be used to terminate an existing link, 
but will not compromise the confidentiality or integrity of the link. 

2021-06-25 

2.9 

CVE-2021-31615 
MISC 
MISC 


cabrerahector -- popular_posts 

Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 
and earlier allows a remote authenticated attacker to inject an 
arbitrary script via unspecified vectors. 

2021-06-28 

3.5 

CVE-2021-20746 
MISC 
MISC 
MISC 
MISC 


dovecot -- dovecot 

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with 
access to the local filesystem can trick OAuth2 authentication into 
using an HS256 validation key from an attacker-controlled 
location. This occurs during use of local JWT validation with the 
posix fs driver. 

2021-06-28 

2.1 

CVE-2021-29157 
MISC 
CONFIRM 


ibm -- aix 

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in 
the with elevated group privileges to cause a denial of service due 
to a vulnerability in the lpd daemon. IBM X-Force ID: 200255. 

2021-06-28 

CVE-2021-29693 
XF 
CONFIRM 


ibm -- business_automation_workflow 

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM 
Business Process Manager 8.5 and 8.6 could allow an 
authenticated user to obtain sensitive information about another 
user under nondefault configurations. IBM X-Force ID: 201779. 

2021-06-28 

3.5 

CVE-2021-29751 
CONFIRM 
CONFIRM 
XF 


ibm -- planning_analytics 

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code 
in the Web UI thus altering the intended functionality potentially 
leading to credentials disclosure within a trusted session. IBM 
X-Force ID: 196949. 

2021-06-29 

3.5 

CVE-2021-20477 
CONFIRM 
XF 


ibm -- security_verify 

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is 
vulnerable to cross-site scripting. This vulnerability allows users to 
embed arbitrary JavaScript code in the Web UI thus altering the 
intended functionality potentially leading to credentials disclosure 
within a trusted session. 

2021-06-25 

3.5 

CVE-2021-29677 
CONFIRM 
XF 


ibm -- spectrum_protect_plus 

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a 
local user to cause a denial of service due to insecure file 
permission settings. IBM X-Force ID: 197791. 

2021-06-29 

CVE-2021-20490 
CONFIRM 
XF 


limesurvey -- limesurvey 

Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on 
textbox via the Notifications & data feature. 

CVE-2020-23710 
MISC 


magento -- magento 

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 
2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site 
Scripting vulnerability on mage-messages cookies. Successful 
exploitation could lead to arbitrary JavaScript execution by an 
unauthenticated attacker. User interaction is required for 
successful exploitation. 

3.5 

CVE-2021-28556 
MISC 


pandorafms -- pandora_fms 

PandoraFMS <=7.54 allows Stored XSS by placing a payload in 
the name field of a visual console. When a user or an 
administrator visits the console, the XSS payload will be executed. 

2021-06-25 

3.5 

CVE-2021-35501 
MISC 


plone -- plone 

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the 
folder contents view, if a Contributor has created a folder with a 
SCRIPT tag in the description field. 

2021-06-30 

3.5 

CVE-2021-35959 
MISC 


sas -- environment_manager 


SAS Environment Manager 2.5 allows XSS through the Name 
field when creating/editing a server. The XSS will prompt when 
editing the Configuration Properties. 


2021-06-25 


CVE-2021-35475 


MISC 
MISC 
MISC 








sick -- visionary-s_cx_firmware 


SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to 
an Inadequate Encryption Strength vulnerability concerning the 
internal SSH interface solely used by SICK for recovering returned 
devices. The use of weak ciphers make it easier for an attacker to 
break the security that protects information transmitted from the 
client to the SSH server, assuming the attacker has access to the 
network on which the device is connected. This can increase the 
risk that encryption will be compromised, leading to the exposure 
of sensitive user information and man-in-the-middle attacks. 


2021-06-28 


CVE-2021-32496 
MISC 








tripplite -- su2200rtxl2ua_firmware 


A stored cross-site scripting (XSS) vulnerability was discovered in 
/Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with 
firmware version 12.04.0055. This vulnerability allows 
authenticated attackers to obtain other users’ information via a 
crafted POST request. 


2021-06-25 


CVE-2020-26801 
MISC 
MISC 
MISC 








vmware -- rabbitmq 


RabbitMQ is a multi-protocol messaging broker. In rabbitmq- 
server prior to version 3.8.17, a new user being added via 
management UI could lead to the user's name being rendered in a 
confirmation message without proper `<script>` tag sanitization, 
potentially allowing for JavaScript code execution in the context of 
the page. In order for this to occur, the user must be signed in and 
have elevated permissions (other user management). The 
vulnerability is patched in RabbitMQ 3.8.17. As a workaround, 
disable `rabbitmq_management` plugin and use CLI tools for 
management operations and Prometheus and Grafana for metrics 
and monitoring. 


2021-06-28 


CVE-2021-32718 
CONFIRM 
MISC 











vmware -- rabbitmq 








RabbitMQ is a multi-protocol messaging broker. In rabbitmq- 
server prior to version 3.8.18, when a federation link was 
displayed in the RabbitMQ management UI via the 
`rabbitmq_federation_management` plugin, its consumer tag was 
rendered without proper `<script>` tag sanitization. This potentially 
allows for JavaScript code execution in the context of the page. 
The user must be signed in and have elevated permissions 
(manage federation upstreams and policies) for this to occur. The 
vulnerability is patched in RabbitMQ 3.8.18. As a workaround, 
disable the `rabbitmq_federation_management` plugin and use 
[CLI tools](https://www.rabbitmq.com/cli.html) instead. 








2021-06-28 











CVE-2021-32719 
MISC 

CONFIRM 

MISC 
adobe -- acrobat_reader_dc 


Acrobat Reader DC versions 2021.001.20150 (and 
earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and 
earlier) are affected by a Use After Free vulnerability when 
executing search queries through Javascript. An unauthenticated 
attacker could leverage this vulnerability to achieve arbitrary code 
execution in the context of the current user. Exploitation of this 
issue requires user interaction in that a victim must open a 
malicious file. 


2021-06-28 


not yet 
calculated 


CVE-2021-28562 
MISC 








adobe -- animate 


Adobe Animate version 21.0.5 (and earlier) is affected by an Out- 
of-bounds Read vulnerability when parsing a specially crafted file. 
An unauthenticated attacker could leverage this vulnerability to 
disclose sensitive information in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 


2021-06-28 


not yet 
calculated 


CVE-2021-28575 
MISC 








adobe -- animate 


Adobe Animate version 21.0.5 (and earlier) is affected by an Out- 
of-bounds Read vulnerability when parsing a specially crafted file. 
An unauthenticated attacker could leverage this vulnerability to 
disclose sensitive information in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 


2021-06-28 


not yet 
calculated 


CVE-2021-28574 
MISC 











adobe -- animate 








Adobe Animate version 21.0.5 (and earlier) is affected by an Out- 
of-bounds Read vulnerability when parsing a specially crafted file. 
An unauthenticated attacker could leverage this vulnerability to 
disclose sensitive information in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 








2021-06-28 





not yet 
calculated 








CVE-2021-28576 
MISC 
adobe -- illustrator 

Adobe Illustrator version 25.2 (and earlier) is affected by a Path 
Traversal vulnerability when parsing a specially crafted file. An 
unauthenticated attacker could leverage this vulnerability to 
achieve arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 

2021-06-28 

not yet calculated 

CVE-2021-21102 
MISC 


adobe -- illustrator 

Adobe Illustrator version 25.2 (and earlier) is affected by an Out- 
of-bounds Write vulnerability when parsing a specially crafted file. 
An unauthenticated attacker could leverage this vulnerability to 
achieve arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 

2021-06-28 

not yet calculated 

CVE-2021-21101 
MISC 


adobe -- incopy 

Adobe InCopy version 16.0 (and earlier) is affected by a path 
traversal vulnerability when parsing a crafted file. An 
unauthenticated attacker could leverage this vulnerability to 
achieve remote code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 

2021-06-28 

not yet calculated 

CVE-2021-21090 
MISC 


adobe -- indesign 

Adobe InDesign version 16.0 (and earlier) is affected by an Out- 
of-bounds Write vulnerability when parsing a crafted file. An 
unauthenticated attacker could leverage this vulnerability to 
achieve remote code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 

2021-06-28 

not yet calculated 

CVE-2021-21099 
MISC 





adobe -- indesign 

Adobe InDesign version 16.0 (and earlier) is affected by an Out- 
of-bounds Write vulnerability when parsing a crafted file. An 
unauthenticated attacker could leverage this vulnerability to 
achieve remote code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim 
must open a malicious file. 

2021-06-28 

not yet calculated 

CVE-2021-21098 
MISC 


adobe -- magento 

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 
2.3.6-p1 (and earlier) are affected by a Violation of Secure Design 
Principles vulnerability in RMA PDF filename formats. Successful 
exploitation could allow an attacker to get unauthorized access to 
restricted resources. 

2021-06-28 


adobe -- magento 

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 
2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability 
when creating a store with child theme. Successful exploitation 
could lead to arbitrary file system write by an authenticated 
attacker. Access to the admin console is required for successful 
exploitation. 

2021-06-28 

not yet calculated 

CVE-2021-28584 
MISC 


adobe -- magento 

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 
2.3.6-p1 (and earlier) are affected by an Improper input validation 
vulnerability in the New customer WebAPI. Successful exploitation 
could allow an attacker to send unsolicited spam e-mails. 

2021-06-28 

not yet calculated 

CVE-2021-28585 
MISC 


akcp -- sensorprobe 

Stored cross-site scripting (XSS) in the embedded webserver of 
AKCP sensorProbe before SP480-20210624 enables remote 
authenticated attackers to introduce arbitrary JavaScript via the 
Sensor Description, Email (from/to/cc), System Name, and 
System Location fields. 

2021-06-30 

not yet calculated 

MISC 
MISC 


akkadian -- provisioning_manager 

An issue exists within Akkadian Provisioning Manager 4.50.02 
which allows attackers to view sensitive information within the 
/pme subdirectories. 

2021-07-01 


akkadian -- provisioning_manager 

An issue exists within the SSH console of Akkadian Provisioning 
Manager 4.50.02 which allows a low-level privileged user to 
escape the web configuration file editor and escalate privileges. 

2021-07-01 

not yet calculated 

CVE-2020-27s62 
MISC 


apache -- druid 

In the Druid ingestion system, the InputSource is used for reading 
data from a certain data source. However, the HTTP InputSource 
allows authenticated users to read data from other sources than 
intended, such as the local file system, with the privileges of the 
Druid server process. This is not an elevation of privilege when 
users access Druid directly, since Druid also provides the Local 
InputSource, which allows the same level of access. But it is 
problematic when users interact with Druid indirectly through an 
application that allows users to specify the HTTP InputSource, but 
not the Local InputSource. In this case, users could bypass the 
application-level restriction by passing a file URL to the HTTP 
InputSource. 

2021-07-02 

not yet calculated 

MLIST 





apache -- traffic_server | Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | 2021-06-29 | not yet calculated | CVE-2021-27577 MISC
apache -- traffic_server | Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | 2021-06-29 | not yet calculated | CVE-2021-32565 MISC
apache -- traffic_server | Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | 2021-06-30 | not yet calculated
arlo_q_plus -- arlo_q_plus | This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890. | 2021-06-29 | not yet calculated | CVE-2021-31505 MISC MISC
artica -- pandora_fms | In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | 2021-06-30 | not yet calculated
chevereto -- chevereto | Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. | 2021-06-30 | not yet calculated | CVE-2021-31721 MISC MISC
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module. | 2021-07-02 | not yet calculated | CVE-2020-36412 MISC
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module. | 2021-07-02 | not yet calculated
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module. | 2021-07-02 | not yet calculated
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature. | 2021-07-02 | not yet calculated | CVE-2020-36414 MISC
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. | 2021-07-02 | not yet calculated | CVE-2020-36408 MISC
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module. | 2021-07-02 | not yet calculated
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module. | 2021-07-02 | not yet calculated | CVE-2020-36415 MISC
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module. | 2021-07-02 | not yet calculated | CVE-2020-36416 MISC
cms_made_simple -- cms_made_simple | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module. | 2021-07-02 | not yet calculated | CVE-2020-36409 MISC
coral -- coral | Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. | 2021-06-30 | not yet calculated | CVE-2021-35970 MISC MISC MISC MISC
craft_cms -- craft_cms | An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). | 2021-06-30 | not yet calculated | CVE-2021-27903 MISC MISC MISC
craft_cms -- craft_cms | An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads. | 2021-06-30 | not yet calculated | MISC MISC
delta_electronics -- dopsoft | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. | 2021-07-02 | not yet calculated
delta_electronics -- dopsoft | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | 2021-07-02 | not yet calculated | CVE-2021-27412 MISC
django -- django | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | 2021-07-02 | not yet calculated | CVE-2021-35042 MISC CONFIRM MISC CONFIRM
djvulibre -- djvulibre | An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. | 2021-06-30 | not yet calculated | CVE-2021-3630 MISC
ec-cube -- ec-cube | Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. | 2021-07-01 | not yet calculated | CVE-2021-20778 MISC MISC JVN
ec-cube -- ec-cube | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. | 2021-06-28 | not yet calculated | CVE-2021-20751 MISC MISC
ec-cube -- ec-cube | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. | 2021-06-28 | not yet calculated | MISC MISC
emissary -- emissary | Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources. | 2021-07-02 | not yet calculated | MISC MISC
ethereum -- solidity | Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b/a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. | 2021-07-01 | not yet calculated | CVE-2020-36402 MISC MISC MISC
fluent -- fluent_bit | Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). | 2021-07-01 | not yet calculated | CVE-2021-36088 MISC MISC MISC MISC
fudousan_plugin_pro -- fudousan_plugin_pro | earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-06-28 | not yet calculated | MISC MISC
getkirby -- kirby | Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form. | 2021-07-02 | not yet calculated | CVE-2021-32735 CONFIRM MISC





google -- chrome | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-07-02 | not yet calculated | CVE-2021-30554 MISC MISC
google -- chrome | Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. | 2021-07-02 | not yet calculated | MISC MISC
google -- chrome | Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-07-02 | not yet calculated | CVE-2021-30556 MISC MISC
google -- chrome | Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-07-02 | not yet calculated | MISC MISC
grok -- grok | Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). | 2021-07-01 | not yet calculated | CVE-2021-36089 MISC
hitachi -- virtual_file_platform_versions | Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | 2021-06-28 | not yet calculated | MISC MISC
huawei -- multiple_products | There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0, 8.0.0-LCND81, 8.0.0.SPC100, 8.0.1, 8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100; SMC2.0 V600R019C10SPC700, V600R019C10SPC702, V600R019C10SPC703, V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931 | 2021-06-29 | not yet calculated | CVE-2021-22340 MISC
huawei -- multiple_products | There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700
V200R007C01,V200R007C01B102,V200R008C00,V200R010C00$Fx0aI006220R\ ROIS oot eOsdSPeTB0, 
V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200RO11C10:S27pGa ulated MISC 
V200R008C00,V200R010C00SPC300,V200R011C00,V200R011CHOSPC100,V20PR011C10:$5700 
V200R008C00,V200R010C00SPC300,V200R011C00.V200R011CHOSPC100.V20NRO11C10,V200R011C10SPC100;§ 
V200R008C00;V200R010C00SPC300.V200R011C00.V200R011CHOSPC100.V20NRO11C10.V200R011C10SPC100-s 
V200R008C00,V200R010C00SPC300.V200R011C00.V200R011CHOSPC100,V20NR011C10:39700 
V200R007C01,V200R007C01B102,V200R008C00,V200R010C00$PC300,V200RP11C00,V20RO11CO0SPC100,V2 







huawei -- smartphone | There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks. | 2021-06-30 | not yet calculated | CVE-2021-22374 MISC
huawei -- smartphone | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart. | 2021-06-30 | not yet calculated | CVE-2021-22350 MISC
huawei -- smartphone | There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions. | 2021-06-30 | not yet calculated | CVE-2021-22351 MISC
huawei -- smartphone | There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands. | | not yet calculated | CVE-2021-22352 MISC
huawei -- smartphone | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart. | 2021-06-30 | not yet calculated | CVE-2021-22353 MISC
huawei -- smartphone | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. | 2021-06-30 | not yet calculated | CVE-2021-22367 MISC
huawei -- smartphone | There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. | 2021-06-30 | not yet calculated | CVE-2021-22368 MISC
huawei -- smartphone | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insufficient input verification may cause the system to restart. | 2021-06-30 | not yet calculated | CVE-2021-22349 MISC
huawei -- smartphone | There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | 2021-06-30 | not yet calculated | CVE-2021-22373 MISC
huawei -- smartphone | There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-06-30 | not yet calculated | CVE-2021-22371 MISC
huawei -- smartphone | There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-06-30 | not yet calculated | CVE-2021-22372 MISC











https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e6e1ab
7/6/2021
Vulnerability Summary for the Week of June 28, 2021
huawei -- smartphone | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. | 2021-06-30 | not yet calculated | CVE-2021-22369 MISC
huawei -- smartphone | There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | 2021-07-01 | not yet calculated
huawei -- smartphone | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. | 2021-07-01 | not yet calculated
huawei -- smartphone | There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. | 2021-07-01 | not yet calculated
huawei -- smartphone | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. | 2021-07-01 | not yet calculated
huawei -- smartphone | There is an Incorrect Privilege Assignment Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-06-30 | not yet calculated
huawei -- smartphone | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. | 2021-06-30 | not yet calculated
ibm -- cognos_analytics | IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770. | 2021-06-30 | not yet calculated | CVE-2021-20461 XF CONFIRM
ibm -- datacap_fastdoc_capture | IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753. | 2021-07-01 | not yet calculated | CVE-2020-4935 CONFIRM XF
ibm -- datacap_taskmaster_capture | IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045. | 2021-07-01 | not yet calculated | CVE-2020-4902 XF CONFIRM
ibm -- security_identity_manager_adapters | IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252. | 2021-06-28 | not yet calculated | CVE-2021-20574 CONFIRM XF
jenkins -- jenkins | A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | 2021-06-30 | not yet calculated | CVE-2021-21674 CONFIRM MLIST
jenkins -- jenkins | Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address. | 2021-06-30 | not yet calculated | CVE-2021-21676 CONFIRM MLIST
jenkins -- jenkins | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | 2021-06-30 | not yet calculated | CVE-2021-21673 CONFIRM MLIST
jenkins -- jenkins | Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-06-30 | not yet calculated | CVE-2021-21672 CONFIRM MLIST
jenkins -- jenkins | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. | 2021-06-30 | not yet calculated | CVE-2021-21671 CONFIRM MLIST
jenkins -- jenkins | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission. | 2021-06-30 | not yet calculated | CVE-2021-21670 CONFIRM MLIST
jenkins -- jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | 2021-06-30 | not yet calculated | CVE-2021-21675 CONFIRM MLIST
johnson_controls -- c-cure_9000 | An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. | 2021-07-01 | not yet calculated | CVE-2021-27660 CERT CONFIRM
johnson_controls -- facility_explorer | Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC. | 2021-07-01 | not yet calculated | CVE-2021-27661 CERT CONFIRM
jtekt_corporation -- toyopuc_plc | When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop. | 2021-07-01 | not yet calculated | CVE-2021-27477 MISC
kde -- kimageformats | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | 2021-07-01 | not yet calculated | CVE-2021-36083 MISC MISC MISC
keystone_engine -- keystone_engine | Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. | 2021-07-04 | not yet calculated | CVE-2020-36405 MISC MISC MISC
keystone_engine -- keystone_engine | Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. | 2021-07-01 | not yet calculated | CVE-2020-36404 MISC MISC MISC
lavalite -- cms | A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | 2021-07-02 | not yet calculated | CVE-2020-36395 MISC
lavalite -- cms | A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | 2021-07-02 | not yet calculated | CVE-2020-36396 MISC
lavalite -- cms | A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | 2021-07-02 | not yet calculated | CVE-2020-36397 MISC
libavif -- libavif | libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. | 2021-07-01 | not yet calculated | CVE-2020-36407 MISC MISC MISC
be cere eect | GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). | 2021-07-01 | not yet calculated | MISC MISC
libressl -- libressl | LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). | 2021-07-01 | not yet calculated | CVE-2019-25048 MISC MISC MISC
CVE-2019-25049 
libressl -- libressl LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in 2021-07-01 not yet MISC 
asn1_item_print_ctx (called from asn1_template_print_ctx). calculated ||MISC 
MISC 
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(telnetd) and gain a shell on the device as the admin limited-user 
account (however, escalation to root is simple because of weak 
permissions on the /etc/ directory). 

















Primary oar ; Cvss Source & Patch 
Vendor -- Product Bescmpron eubilehed | Score Info 
Ikalka_rss_reader -- Cross-site scripting vulnerability in Ikalka RSS Reader all versions . i 
Ikalka_rss_reader allows a remote attacker to inject an arbitrary script via 2021-07-01 Bs - d i a 
unspecified vectors. eee 
An issue was discovered in the CentralAuth extension in 
MediaWiki through 1.36. The Special:GlobalUserRights page CVE-2021-36127 
BO ae eee provided search results which, for a suppressed MediaWiki user, notyet |ijeca © 
mediawiki -- mediawiki f ig ay p 2021-07-02 MISC 
were different than for any other user, thus easily disclosing calculated MISC 
suppressed accounts (which are supposed to be completely ———— 
hidden). 
An issue was discovered in the CentralAuth extension in 
wiedialwild =mediawiki MediaWiki through 1.36. The Special:GlobalRenameRequest nat vet CVE-2021-36125 
page is vulnerable to infinite loops and denial of service attacks 2021-07-02 gaia MISC 
when a user's current username is beyond an arbitrary maximum MISC 
configuration value (MaxNameChars). 
An XSS issue was discovered in the SportsTeams extension in 
a fs ss MediaWiki through 1.36. Within several special pages, a privileged CVE-2021-36131 
ineG law iele-amcMl awn user could inject arbitrary HTML and JavaScript within various 2021-07-02 |} TOtyet  limisc 
data fields. The attack could easily propagate across many pages MISC 
for many users. 
An issue was discovered in the AbuseFilter extension in 
MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker CVE-2021-36126 
mediawiki -- mediawiki message is invalid within the content language, the filter user falls 2021-07-02 not yet MISC... 
back to the English version, but that English version could also be calculated MISC 
invalid on a wiki. This would result in a fatal error, and potentially ae 
fail to block or restrict a potentially nefarious user. 
An issue was discovered in the Filelmporter extension in 
MediaWiki through 1.36. For certain relaxed configurations of the CVE-2021-36132 
mediawiki -- mediawiki $wgFilelmporterRequiredRight variable, it might not validate all 2021-07-02 not yet MISC... 
appropriate user rights, thus allowing a user with insufficient rights calculated MISC 
to perform operations (specifically file uploads) that they should iad 
not be allowed to perform. 
An XSS issue was discovered in the SocialProfile extension in 
Batic Be ea MediaWiki through 1.36. Within several gift-related special pages, CVE-2021-36130 
median mena a privileged user with the awardmanage right could inject arbitrary || 2021-07-02 Psa aaes MISC 
HTML and JavaScript within various gift-related data fields. The MISC 
attack could easily propagate across many pages for many users. 
mediawiki -— mediawiki An issue was discovered in the CentralAuth extension in nak vet ee 
MediaWiki through 1.36. Autoblocks for CentralAuth-issued 2021-07-02 y aaTeEAY 
: : calculated |MISC 
suppression blocks are not properly implemented. MISC 
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, 
mediawiki -- mediawiki and 1.36.x before 1.36.1, bots have certain unintended API not vet CVE-2021-35197 
access. When a bot account has a "sitewide block" applied, it is 2021-07-02 aac CONFIRM 
able to still "purge" pages through the MediaWiki Action API MISC 
(which a "sitewide block" should have prevented). 
An issue was discovered in the Translate extension in MediaWiki 
Be ne through 1.36. The Aggregategroups Action API module does not CVE-2021-36129 
mediowiki<=tediaiikl validate the parameter for aggregategroup when action=remove is || 2021-07-02 ea MISC 
set, thus allowing users with the translate-manage right to silently MISC 
delete various groups' metadata. 
microsoft -- windows | Windows Print Spooler Remote Code Execution Vulnerability | 2021-07-02 | not yet calculated | MISC
monstra_cms -- monstra | Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | 2021-07-01 | not yet calculated | MISC
monstra_cms -- monstra | A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site Name" field under the "Site Settings" module. | 2021-07-01 | not yet calculated | CVE-2020-23205 MISC
mruby -- mruby | mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | 2021-07-01 | not yet calculated | CVE-2020-36401 MISC MISC MISC
netgear -- wac104_devices | NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode | 2021-06-30 | not yet calculated | CVE-2021-35973 MISC MISC
nodemailer -- nodemailer | The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | 2021-06-29 | not yet calculated | CVE-2021-23400 MISC MISC MISC MISC
ntop -- ndpi | ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. | 2021-07-01 | not yet calculated | CVE-2021-36082 MISC MISC MISC
nvidia -- mb2 | Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution. | 2021-06-30 | not yet calculated |
nvidia -- mb2 | Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges. | 2021-06-30 | not yet calculated |
nvidia -- mb2 | Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot. | 2021-06-30 | not yet calculated | CVE-2021-34380 CONFIRM
nvidia -- trusty | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges. | 2021-06-30 | not yet calculated |
nvidia -- trusty | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service. | 2021-06-30 | not yet calculated |
nvidia -- trusty | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure. | 2021-06-30 | not yet calculated |
nvidia -- trusty | Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure. | 2021-06-30 | not yet calculated | CVE-2021-34375 CONFIRM
nvidia -- trusty | Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service. | | not yet calculated | CVE-2021-34374 CONFIRM
nvidia -- trusty | Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service. | 2021-06-30 | not yet calculated | CVE-2021-34373 CONFIRM
nvidia -- trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. | 2021-06-30 | not yet calculated |
nvidia -- trusty | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption. | 2021-06-30 | not yet calculated | CVE-2021-34379 CONFIRM
nvidia -- trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, which might lead to denial of service, information disclosure, or data tampering. | 2021-06-30 | not yet calculated |
nvidia -- trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel's tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow, allowing writes to arbitrary addresses within the kernel. | 2021-06-30 | not yet calculated | CVE-2021-34382 CONFIRM
openthread -- wpantund | OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency in the integer data type for metric_len. | 2021-07-02 | not yet calculated | CVE-2021-33889 CONFIRM
openvpn -- openvpn | OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). | 2021-07-02 | not yet calculated | CVE-2021-3606 MISC
openvpn -- openvpn_connect | OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe). | 2021-07-02 | not yet calculated | MISC
phpfusion -- phpfusion | A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field. | 2021-07-02 | not yet calculated | CVE-2020-23184 MISC
phpfusion -- phpfusion | A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field. | 2021-07-02 | not yet calculated | CVE-2020-23179 MISC
phpfusion -- phpfusion | An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user. | 2021-07-02 | not yet calculated |
phpfusion -- phpfusion | The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. | 2021-07-02 | not yet calculated | CVE-2020-25182 MISC
phpfusion -- phpfusion | A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field. | 2021-07-02 | not yet calculated | CVE-2020-23181 MISC
phpfusion -- phpfusion | A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-07-02 | not yet calculated | CVE-2020-23185 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. | 2021-07-01 | not yet calculated | CVE-2020-23214 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. | 2021-07-01 | not yet calculated | CVE-2020-23209 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-07-02 | not yet calculated |
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module. | 2021-07-01 | not yet calculated | CVE-2020-23207 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. | 2021-07-01 | not yet calculated | CVE-2020-23217 MISC MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | 2021-07-02 | not yet calculated | CVE-2020-36398 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | 2021-07-02 | not yet calculated | CVE-2020-36399 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. | 2021-07-01 | not yet calculated | CVE-2020-23208 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | 2021-07-02 | not yet calculated | CVE-2020-23192 MISC
phplist -- phplist | A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-07-02 | not yet calculated | CVE-2020-23194 MISC
plixer -- scrutinizer | Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). | 2021-06-30 | not yet calculated | CVE-2021-28993 MISC MISC
multi-host compatible, but its use is not actively prevented. As of
Ratpack 1.9.0, the default value is a securely randomly generated
value, generated at application startup time. As a workaround,
supply an alternative signing key, as per the documentation's
recommendation.
powermux -- powermux | PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds. | 2021-06-29 | not yet calculated | CVE-2021-32721 CONFIRM
project_acrn -- acrn-hypervisor | ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. | 2021-07-02 | not yet calculated | CVE-2021-36146 MISC
project_acrn -- acrn-hypervisor | ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. | 2021-07-02 | not yet calculated | CVE-2021-36143 MISC
project_acrn -- acrn-hypervisor | An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. | 2021-07-02 | not yet calculated | CVE-2021-36147 MISC
project_acrn -- acrn-hypervisor | An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. | 2021-07-02 | not yet calculated |
project_acrn -- acrn-hypervisor | The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. | 2021-07-02 | not yet calculated | CVE-2021-36145 MISC
project_acrn -- acrn-hypervisor | The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. | 2021-07-02 | not yet calculated | CVE-2021-36144 MISC
qnap -- qts_and_quts_hero | A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. | 2021-07-01 | not yet calculated | CVE-2021-28804 CONFIRM
qnap -- nas_devices | A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | 2021-07-01 | not yet calculated | CVE-2020-36196 CONFIRM
qnap -- nas_devices | An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | 2021-07-01 | not yet calculated |
qnap -- q'center | This issue affects: QNAP Systems Inc. Q'center versions prior to 41.11.1004. | 2021-07-01 | not yet calculated | CVE-2021-28803 CONFIRM
qnap -- qts_and_quts_hero | A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. | 2021-07-01 | not yet calculated | CVE-2021-28802 CONFIRM
rarlab -- unrar | UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | 2021-07-01 | not yet calculated | MISC MISC MISC
rarlab -- unrar | UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). | 2021-07-01 | not yet calculated | MISC MISC
ratpack -- ratpack | Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not | 2021-06-29 | not yet calculated | CVE-2021-29480 MISC CONFIRM
ratpack -- ratpack | Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header as a cache key. Users are only vulnerable if they do not configure a custom `PublicAddress` instance. For versions prior to 1.9.0, by default, Ratpack utilizes an inferring version of `PublicAddress` which is vulnerable. This can be used to perform redirect cache poisoning where an attacker can force a cached redirect to redirect to their site instead of the intended redirect location. The vulnerability was patched in Ratpack 1.9.0. As a workaround, ensure that `ServerConfigBuilder::publicAddress` correctly configures the server in production. | 2021-06-29 | not yet calculated | CVE-2021-29479 MISC CONFIRM
ratpack -- ratpack | Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation. | 2021-06-29 | not yet calculated | CONFIRM
ratpack -- ratpack | Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session mechanism, it is not vulnerable. Ratpack 1.9.0 introduces a strict allow-list mechanism that mitigates this vulnerability when used. Two possible workarounds exist. The simplest mitigation for users of earlier versions is to reduce the likelihood of attackers being able to write to the session data store. Alternatively or additionally, the allow-list mechanism could be manually back ported by providing an alternative implementation of `SessionSerializer` that uses an allow-list. | 2021-06-29 | not yet calculated | CVE-2021-29485 MISC CONFIRM
rawspeed -- rawspeed | RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable. | 2021-07-01 | not yet calculated | CVE-2018-25017 MISC MISC MISC
record-like-deep-assign -- record-like-deep-assign | All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. | 2021-07-02 | not yet calculated | CONFIRM
samtools -- htslib | HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). | 2021-07-01 | not yet calculated | CVE-2020-36403 MISC MISC MISC
selinux_project -- selinux | The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). | 2021-07-01 | not yet calculated | MISC MISC
selinux_project -- selinux | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). | 2021-07-01 | not yet calculated | MISC MISC
selinux_project -- selinux | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). | 2021-07-01 | not yet calculated | MISC MISC
selinux_project -- selinux | The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). NOTE: bad0a746e9f4cf260dedba5828d9645d50176aac is cited in the OSV "fixed" field but does not have a code change. | 2021-07-01 | not yet calculated | MISC MISC
zeromq -- libzmq | ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. | 2021-07-01 | not yet calculated | CVE-2020-36400 MISC MISC MISC
sita -- azurcms | A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA. | 2021-07-02 | not yet calculated | CVE-2021-27950 MISC MISC MISC MISC
sloan -- smartfaucets | There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance. | 2021-06-30 | not yet calculated | CVE-2021-20107 MISC
sourcecodester -- phone_shop_sales_managements_system | Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter. | 2021-07-01 | not yet calculated | CVE-2021-35337 MISC
stellar -- js-stellar-sdk | js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction. | 2021-07-02 | not yet calculated | CVE-2021-32738 CONFIRM MISC
stormshield -- stormshield | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | 2021-07-01 | not yet calculated | CVE-2021-28127 MISC MISC
sulu -- sulu | Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating. | 2021-07-02 | not yet calculated | CVE-2021-32737 CONFIRM MISC
suse -- linux_enterprise_server | A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. | 2021-06-30 | not yet calculated | CVE-2021-25321 CONFIRM
suse -- linux_enterprise_server | A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. | 2021-06-30 | not yet calculated | CVE-2019-18906 CONFIRM
symantec -- advanced_secure_gateway | The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. | 2021-06-30 | not yet calculated | CVE-2021-30648 MISC
synacor -- zimbra_collaboration_suite | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting). | 2021-07-02 | not yet calculated | CVE-2021-35209 MISC MISC MISC MISC
synacor -- zimbra_collaboration_suite | An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. | 2021-07-02 | not yet calculated | CVE-2021-35208 MISC MISC MISC MISC
Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO
Enterprise Runtime for R - Server Edition: versions 1.3.0 and
1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions
1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS
Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server:
versions 10.3.12 and below, TIBCO Spotfire Server: versions
10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0,
10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire
Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire
Statistics Services: versions 10.3.0 and below, TIBCO Spotfire
Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and
TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and
11.3.0.
synacor -- zimbra_collaboration_suite | An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url. | 2021-07-02 | not yet calculated | MISC MISC MISC
synacor -- zimbra_collaboration_suite | An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value). | 2021-07-02 | not yet calculated | MISC MISC MISC
teachers_record_management_system -- teachers_record_managemet_system | Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | 2021-07-01 | not yet calculated | CVE-2021-28423 MISC MISC MISC MISC
teachers_record_management_system -- teachers_record_managemet_system | A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | 2021-07-01 | not yet calculated | CVE-2021-28424 MISC MISC MISC MISC
tensorflow -- tensorflow | ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives. | 2021-06-30 | not yet calculated | MISC MISC MISC MISC
tesseract_ocr -- tesseract | Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. | 2021-07-01 | not yet calculated | CVE-2021-36081 MISC MISC MISC
think-js -- think-helper | think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3. | 2021-06-30 | not yet calculated | CVE-2021-32736 CONFIRM
tibco -- multiple products | The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise | 2021-06-29 | not yet calculated | CONFIRM
option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.
tibco -- multiple products | The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0. | 2021-06-29 | not yet calculated | CONFIRM
tieline -- ip_audio_gateway
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
Published: 2021-07-01 | CVSS Score: not yet calculated | Source & Patch Info: [illegible] MISC
torproject -- tor
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor.
Published: 2021-06-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-34550 MISC CONFIRM
torproject -- tor
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
Published: 2021-06-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-34549 MISC CONFIRM
torproject -- tor
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
Published: 2021-06-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-34548 MISC CONFIRM
ts-nodash -- ts-nodash
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.
Published: 2021-07-02 | CVSS Score: not yet calculated | Source & Patch Info: [illegible] MISC
uwebsockets -- uwebsockets
uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll).
Published: 2021-07-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-36406 MISC MISC MISC
veeam -- veeam
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.
Published: 2021-06-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35971 MISC MISC
western_digital -- multiple_products
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
Published: 2021-06-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35941 MISC MISC
xen -- xen
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
Published: 2021-06-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28691 MISC
xen -- xen
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred
Published: 2021-06-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28690 MISC
firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
xen -- xen
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
Published: 2021-06-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28693 MISC
xen -- xen
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.
Published: 2021-06-30 | CVSS Score: [illegible] | Source & Patch Info: [illegible]
xml2dict -- xml2dict
XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service.
Published: [illegible] | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-25951 MISC
xwiki -- xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible to forge a URL that, when accessed by an admin, will reset the password of any user in XWiki. The problem has been patched in XWiki 12.10.5 and 13.2RC1. As a workaround, it is possible to apply the patch manually by modifying the `register_macros.vm` template.
Published: 2021-07-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-32730 CONFIRM MISC MISC
xwiki -- xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability.
Published: 2021-07-01 | CVSS Score: not yet calculated | Source & Patch Info: [illegible] CONFIRM MISC
xwiki -- xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacker with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading.
Published: 2021-07-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-32729 CONFIRM MISC
zoho -- manageengine_adselfservice_plus
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
Published: 2021-07-02 | CVSS Score: [illegible] | Source & Patch Info: [illegible]
zoho -- manageengine_applications_manager
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
Published: 2021-07-01 | CVSS Score: [illegible] | Source & Patch Info: [illegible]
zyxel -- firmware
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series
Published: 2021-07-02 | CVSS Score: [illegible] | Source & Patch Info: [illegible]